Citing Attack, GoToMyPC Resets All Passwords (krebsonsecurity.com) 41

Security reporter Brian Krebs writes: GoToMyPC, a service that helps people access and control their computers remotely over the Internet, is forcing all users to change their passwords, citing a spike in attacks that target people who re-use passwords across multiple sites. Owned by Santa Clara, Calif. based networking giant Citrix, GoToMyPC is a popular software-as-a-service product that lets users access and control their PC or Mac from anywhere in the world. On June 19, the company posted a status update and began notifying users that a system-wide password update was underway.

  • by zenlessyank ( 748553 ) on Monday June 20, 2016 @05:54PM (#52355997)
    Free demo now!!
    • Heh. My actual thought after going to their website ("I wonder if it's really cheap"): Whoa! $144 per year for that? No way!

      I guess my cheap-butt ways saved me yet again from a hack worse than death. Or not.

      • What I don't understand is how companies can sell something that is already free. Windows remote desktop and putty have been free forever. Plus there are other alternatives that I don't feel like listing. If you are dumb enough to pay for something that is free, then you deserve to get jacked!
        • by Anonymous Coward

          Remote Desktop for home users is completely different. It's not for tech support, you can't see what the other guy is doing because they are logged into a different account. And if they log into your account you get logged off. Also it doesn't have the simple random ID/PW login. You have to make an account or give out your password, which is much worse than losing your recycled PW from a 3rd party breach.
          Sure Remote Desktop can be used securely, but the average user has no clue. These services thrive on the

        • by tlhIngan ( 30335 )

          What I don't understand is how companies can sell something that is already free. Windows remote desktop and putty have been free forever. Plus there are other alternatives that I don't feel like listing. If you are dumb enough to pay for something that is free, then you deserve to get jacked!

          Ask Microsoft/Apple. I mean, Linux is free, why should anyone use Windows or macOS? Hell, why do people pay RedHat billions of dollars a year for Linux? It's all free, after all.

          The answer is, the commercial tools have

      • Heh. My actual thought after going to their website ("I wonder if it's really cheap"): Whoa! $144 per year for that? No way!

        Hey! Good hacks don't come cheap, ya freeloader!

  • If you haven't installed a password manager that generates a unique password for every site, now is a really good time to do it.
    • by PCM2 ( 4486 )

      Serious question: How's that work for you when you regularly use six different computers?

      • Re: (Score:2, Informative)

        by Anonymous Coward

        Not quite six, but KeePass2 and Dropbox work pretty well for home and work.

        • by dbIII ( 701233 ) on Monday June 20, 2016 @11:44PM (#52357285)
          Normally when Dropbox is mentioned and the topic is security it's referring to one of their many spectacular fuckups.
          Able to download the files of others by knowing the filename and hash - that was Dropbox when people used this bug as an alternative to bittorrent for a while.
          Able to login to other people's accounts without a password - Dropbox was wide open one day with that massive fuckup.
          Using the interface to revoke other people's access to your files, getting told that it had worked, then those other people found they could still get the files - Dropbox again.


          And that's just the stuff that has had dedicated articles about it on Slashdot.
          If you don't want your worst enemy, a potential thief, or your mother to see something then don't put it on Dropbox.
      • Both Chrome and Firefox can remember passwords across devices.
      • by Syberz ( 1170343 )

        My encrypted password DB is in my Google drive so I can access it from my computer or directly from an app on my phone when I'm not in front of my PC but need a password. This requires wifi or a data connection but otherwise it's been working great so far.

        I did this using KeePass and a Google drive plugin, but there are other plugins available as well.

  • When TeamViewer users [slashdot.org] were impacted, the initial reaction was TeamViewer itself had been hacked. They responded with the claim that users' reuse of passwords were to blame and TeamViewer security had not been breached. The fact an independent remote access software company is exhibiting the same issues seems to indicate that TeamViewer was probably correct that user behavior regarding poor handling of passwords is to blame.

    While both TeamViewer and Citrix seem to now be pushing two-factor authentication

    • by Cerlyn ( 202990 )

      GoToMyPC was first released in 1998.

      TeamViewer was first released sometime around 2005.

      Since then there have been a number of proposed common first-level login standards (OpenID, SAML..) along with second-factor ones (Symantec VIP, U2F...). Phone-based authentication seems to be popular at the moment.

      How are companies supposed to figure out if the standard they choose will last? Companies have embraced various standards, only to abandon them a year or two later.

      In short: the current state of things is a mes

      • by dbIII ( 701233 )

        GoToMyPC was first released in 1998. ... How are companies supposed to figure out if the standard they choose will last?

        SSH was first released in 1995.

        • by mwvdlee ( 775178 )

          SSH is now 21 years old.

          Back in 1994, Telnet (released in 1969) was 25 years old.

          Can you guarantee that SSH will still be around in 5 years?

          • I do not get your point. Telnet is still around in situations where it would make more sense for it not to be around. Just the other day there was an article here about EOL licence hassles with medical record software that users were connecting to using Microsoft's version of telnet.
            There are plenty of old systems in use. In five years there will still be a lot of current systems in use so it's a given that SSH will still be around even if something much better is available.
  • Full of exposed user information. Once the cat is out of the bad it's out of the bag and it needs to be acknowledged. You should be able to look up yourself and all your past exposed password so that you can never ever use them again. In fact you should be able to add to the list yourself.

    • "Once the cat is out of the bad it's out of the bag and it needs to be acknowledged."

      I've never heard this phrase before and it's very confusing.

      There is that haveibeenpwned website. It doesn't list passwords and I think that's a good thing. It just says if your email address was included in a leak, if what was leaked included passwords then that would be your clue.

  • by luis_a_espinal ( 1810296 ) on Monday June 20, 2016 @10:47PM (#52357133)

    Owned by Santa Clara, Calif. based networking giant Citrix

    Err, Citrix is based in Ft. Lauderdale, and with the recent layoffs in Santa Clara, it is becoming clearer Citrix is circling its wagons back to South Florida (for better or worse, time will tell.)
